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I claim: 

1. A method of authenticating indicated IP source addresses comprised in IP 
data packets to be transmitted through an IP network, the method comprising the steps 

5 of: 

receiving an IP data packet at an incoming edge of an IP network, the IP data 
packet comprising an indicated IP source address; 

determining whether said IP data packet having been received at said 
incoming edge of the IP network is consistent with it having originated at said 
10 indicated IP source address; 

ensuring that a predetermined data field of said IP data packet contains a value 
representative of whether said IP data packet having been received at said incoming 
edge of the IP network is consistent with it having originated at said indicated IP 
source address. 

15 

2. The method of claim 1 wherein the step of determining whether said IP 
data packet having been received at said incoming edge of the IP network is 
consistent with it having originated at said indicated IP source address comprises 
performing a Reverse Path Forwarding test on said IP data packet. 

20 

3. The method of claim 1 wherein said predetermined data field of said IP 
data packet comprises an otherwise unused data field of said IP data packet. 
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4. The method of claim 1 wherein said predetermined data field of said IP 
data packet comprises a Type of Service data field. 

5 5. The method of claim 4 wherein said step of ensuring that said 

predetermined field of said BP data packet contains a value representative of whether 
said IP data packet having been received at said incoming edge of the IP network is 
consistent with it having originated at said indicated IP source address comprises 

ensuring that the Type of Service data field contains a zero value if said IP 
10, data packet having been received at said incoming edge of the IP network is not 
consistent with it having originated at said indicated IP source address, and 

ensuring that the Type of Service data field contains a non-zero value if said 
IP data packet having been received at said incoming edge of the IP network is 
consistent with it having originated at said indicated IP source address. 

15 

6. The method of claim 5 wherein said ensuring that the Type of Service field 
contains a non-zero value if said IP data packet having been received at said incoming 
edge of the IP network is consistent with it having originated at said indicated IP 
source address comprises the steps of 
20 determining if the Type of Service field akeady has a non-zero value, and 

modifying the Type of Service field to have a non-zero value only if it does 
not already have a non-zero value. 
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7. The method of claim 1 wherein the step of determining whether said IP 
data packet having been received at said incoming edge of the IP network is 
consistent with it having originated at said indicated IP source address comprises 
5 determining whether said IP data packet having been received at said 

incoming edge of the IP network has been received from a peer carrier which has 
already determined whether said IP data packet having been received at said incoming 
edge of the IP network is consistent with it having originated at said indicated IP 
source address, and 

10 ensuring that the predetermined data field of said IP data packet contains a 

value representative of whether said IP data packet having been received at said 
incoming edge of the IP network was determined by said peer carrier to be consistent 
with it having originated at said indicated IP source address. 

15 8. A method of processing IP data packets received from an IP network, the 

IP data packets comprising indicated IP source addresses and one or more of the IP 
data packets having been marked with indicia of whether the indicated IP source 
address comprised therein has been authenticated by the IP network, the method 
comprising the steps of: 

20 determining whether the indicated IP source address comprised in each one of 

said one or more of the IP data packets has been authenticated by the IP network; and 



E. Grosse 7 

-15- 

processing each one of the one or more of the IP data packets based on 
whether the indicated IP source address comprised therein has been authenticated by 
the IP network. 

5 9. The method of claim 8 wherein said indicia of whether the indicated IP 

source address comprised in said one or more of the IP data packets has been 
authenticated by the IP network comprises a value contained in a predetermined data 
field of each of said IP data packets. 

10 lO, The method of claim 9 wherein said predetermined data field of each of 

said IP data packets comprises an otherwise unused data field of said IP data packets. 

11. The method of claim 9 wherein said predetermined data field of each of 
said IP data packets comprises a Type of Service data field. 

15 

12- The method of claim 11 wherein said Type of Service data field 
comprised in each of said one or more IP data packets contains a zero value for each 
of said one or more IP data packets for which the indicated IP source address 
comprised therein has not been authenticated by the IP network, and contains a non- 
20 zero value for each of said one or more IP data packets for which the indicated IP 
source address comprised therein has been authenticated by the IP network. 
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13. The method of claim 8 wherein the step of processing each one of the one 
or more of the IP data packets based on whether the indicated IP source address 
comprised therein has been authenticated by the IP network comprises discarding 
each of said one or more IP data packets for which the indicated IP source address 

5 comprised therein has not been authenticated by the IP network. 

14. The method of claim 13 further comprising the step of performing a look 
up of one or more indicated IP source addresses comprised in one or more 
corresponding IP data packets which have been authenticated by the IP network, and 

10 wherein the step of processing each one of the one or more of the IP data packets 
based on whether the indicated IP source address comprised therein has been 
authenticated by the IP network further comprises discarding one or more of said IP 
data packets for which the indicated IP source address comprised therein has been 
authenticated by the IP network based on said look up of said one or more indicated 

15 IP source addresses comprised in one or more corresponding IP data packets which 
have been authenticated by the IP network. 

15. The method of claim 8 wherein the step of processing each one of the one 
or more of the IP data packets based on whether the indicated IP source address 

20 comprised therein has been authenticated by the IP network comprises prioritizing the 
one or more of the IP data packets based on whether the indicated IP source address 
comprised therein has been authenticated by the IP network, said IP data packets for 
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which the indicated IP source address comprised therein has been authenticated by the 
IP network having a higher priority than said IP data packets for which the indicated 
IP source address comprised therein has not been authenticated by the IP network. 

5 16. A network edge router located at an incoming edge of an IP network, the 

router adapted to authenticate indicated IP source addresses comprised in IP data 
packets to be transmitted through the IP network, the router comprising: 

an input port which receives an IP data packet at the incoming edge of the IP 
network, the IP data packet comprising an indicated IP source address; 
10 means for determining whether said IP data packet having been received at 

said incoming edge of the IP network is consistent with it having originated at said 
indicated IP source address; 

means for ensuring that a predetermined data field of said IP data packet 
contains a value representative of whether said IP data packet having been received at 
15 said incoming edge of the IP network is consistent with it having originated at said 
indicated IP source address. 

17. The router of claim 16 wherein the means for determining whether said IP 
data packet having been received at said incoming edge of the IP network is 
20 consistent with it having originated at said indicated IP source address comprises 
means for performing a Reverse Path Forwarding test on said IP data packet. 
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IS. The router of claim 16 wherein said predetermined data field of said IP 
data packet comprises an otherwise unused data field of said IP data packet. 

19. The router of claim 16 wherein said predetermined data field of said IP 
5 data packet comprises a Type of Service data field. 

20. The router of claim 19 wherein said means for ensuring that said 
predetermined field of said IP data packet contains a value representative of whether 
said IP data packet having been received at said incoming edge of the IP network is 

10 consistent with it having originated at said indicated IP source address comprises 

means for ensuring that the Type of Service data field contains a zero value if 
said IP data packet having been received at said incoming edge of the IP network is 
not consistent with it having originated at said indicated IP source address, and 

means for ensuring that the Type of Service data field contains a non-zero 
15 value if said BP data packet having been received at said incoming edge of the IP 
network is consistent with it having originated at said indicated IP source address. 

21. The router of claim 20 wherein said means for ensuring that the Type of 
Service field contains a non-zero value if said IP data packet having been received at 

20 said incoming edge of the IP network is consistent with it having originated at said 
indicated IP source address comprises 
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means for determining if the Type of Service field already has a non-zero 
value, and 

means for modifying the Type of Service field to have a non-zero value only if 
it does not already have a non-zero value. 

5 

22. The router of claim 16 wherein the means for determining whether said IP 
data packet having been received at said incoming edge of the IP network is 
consistent with it having originated at said indicated IP source address comprises 

means for determining whether said IP data packet having been received at 
10 said incoming edge of the IP network has been received from a peer carrier which has 
already determined whether said IP data packet having been received at said incoming 
edge of the IP network is consistent with it having originated at said indicated IP 
source address, and 

means for ensuring that the predetermined data field of said IP data packet 
15 contains a value representative of whether said IP data packet having been received at 
said incoming edge of the IP network was determined by said peer carrier to be 
consistent with it having originated at said indicated IP source address. 

23. A server adapted to process IP data packets received from an IP network, 
20 the IP data packets comprising indicated IP source addresses and one or more of the 

IP data packets having been marked with indicia of whether the indicated IP source 
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address comprised therein has been authenticated by the IP network, the server 
comprising: 

means for determining whether the indicated IP source address comprised in 
each one of said one or more of the IP data packets has been authenticated by the IP 
5 network; and 

means for processing each one of the one or more of the IP data packets based 
on whether the indicated IP source address comprised therein has been authenticated 
by the IP network. 

10 24. The server of claim 23 wherein said indicia of whether the indicated IP 

source address comprised in said one or more of the IP data packets has been 
authenticated by the IP network comprises a value contained in a predetermined data 
field of each of said IP data packets. 

15 25. The server of claim 24 wherein said predetermined data field of each of 

said IP data packets comprises an otherwise unused data field of said IP data packets. * 

26. The server of claim 24 wherein said predetermined data field of each of 
said IP data packets comprises a Type of Service data field. 

20 

27. The server of claim 26 wherein said Type of Service data field comprised 
in each of said one or more IP data packets contains a zero value for each of said one 
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or more IP data packets for which the indicated IP source address comprised therein 
has not been authenticated by the IP network, and contains a non-zero value for each 
of said one or more IP data packets for which the indicated IP source address 
comprised therein has been authenticated by the IP network. 

5 

28. The server of claim 23 wherein the means for processing each one of the 
one or more of the IP data packets based on whether the indicated IP source address 
comprised therein has been authenticated by the IP network comprises means for 
discarding each of said one or more IP data packets for which the indicated IP source 

10 address comprised therein has not been authenticated by the IP network. 

29. The server of claim 28 further comprising means for performing a look up 
of one or more indicated IP source addresses comprised in one or more corresponding 
IP data packets which have been authenticated by the IP network, and wherein the 

15 means for processing each one of the one or more of the IP data packets based on 
whether the indicated IP source address comprised therein has been authenticated by 
the IP network further comprises means for discarding one or more of said IP data 
packets for which the indicated IP source address comprised therein has been 
authenticated by the IP network based on said look up of said one or more indicated 

20 IP source addresses comprised in one or more corresponding IP data packets which 
have been authenticated by the IP network. 
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30. The server of claim 23 wherein the means for processing each one of the 
one or more of the IP data packets based on whether the indicated IP source address 
comprised therein has been authenticated by the IP network comprises means for 
prioritizing the one or more of the IP data packets based on whether the indicated IP 
source address comprised therein has been authenticated by the IP network, said IP 
data packets for which the indicated IP source address comprised therein has been 
authenticated by the IP network having a higher priority than said IP data packets for 
which the indicated IP source address comprised therein has not been authenticated by 
the IP network. 



